Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

Refine your search:

Root CA password

0

Hi,

I'm testing how to create a new root CA to enable SSL authentication. It seems that the default script for this, genRootCA.sh doesn't set a password for the certificate by default, but I can change this behaviour with -p.

However, when trying to generate server keys with 'splunk create-ssl server-cert', Splunk doesn't ask for the CA password and is consequently unable to load the CA private key. Is this expected behaviour or a bug? Is it somehow recommended not to protect the CA private key with a password?

People who like this

2 Answers

Answering my own question: the genRootCA.sh script doesn't seem to be created for the purpose of creating more advanced CAs. If you really want to, you can edit the script and change the values of -passin and -passout.

For more generic usage, use your organization's root CA or use OpenSSL to create a new root CA to use with Splunk.

MuS, I have hard time believing we're all doing it wrong. Sadly, the createssl command isn't well documented at all.The solution I came to was to disregard the helper scripts and just use the CA.pl-script that is included in $SPLUNK_HOME/openssl/misc. I believe it's a standard part of any openssl distribution.